package com.blog.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/** 
 * @author ant 
 * @date 创建时间：2017年8月16日 下午4:00:17  
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	
	@Autowired
	private CustomUserDetailsService customUserDetailsService;
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http
		    .csrf()
		       .disable()
		    .formLogin()
		       .loginPage("/manage/login")
		       .permitAll()
		       .defaultSuccessUrl("/manage/home")
		    .and()
		    .logout()
		       .logoutUrl("/manage/logout")		       
		    .and()
		    .httpBasic()
		       .realmName("blog")
		    .and()
	        .authorizeRequests()	        
	           .antMatchers("/manage/**").authenticated()	        
	           .anyRequest().permitAll();
	}
	
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder());
		auth.eraseCredentials(false);
	}

	@Bean  
    public BCryptPasswordEncoder passwordEncoder() {  
        return new BCryptPasswordEncoder(4);  
    }  
}
